gnu-arch-users

Re: [Gnu-arch-users] signatures and checking


From: Andrew Suffield
Subject: Re: [Gnu-arch-users] signatures and checking
Date: Tue, 27 Jan 2004 02:08:49 +0000
User-agent: Mutt/1.5.5.1+cvs20040105i

On Mon, Jan 26, 2004 at 04:58:51PM -0800, Tom Lord wrote:
> So I'm back to thinking that the right short term fix for the security
> issue is just to provide, say, an awk script that users can use
> instead of calling gpg (or agpg or whatever) directly in their .check
> files.

What do you think this script should do?

The only way it can possibly work that I can see, is to reimplement
the packet parser from gpg. That's hard; I looked at the code and it's
extremely complicated. There are heaps of things that gpg will
consider valid signed data; the clearsigned openpgp messages that we're
currently using are a tiny subset of the range of things that gpg can
handle.

The only "easy" solutions require the signature check script to tell
tla what the signed data is. Anything that's based on tla guessing
(like "all lines beginning with a hash type I recognise") is going to
be difficult to write correct check scripts for - you have to scan the
checksum file and make sure there's nothing that tla could match that
is not within a signed region.

> And the right long-term fix is to ask for a new option in gpg.

Again, to do what? I already tried this, and couldn't come up with
anything that made sense other than "emit the signed data to stdout".

As far as I can tell, gpg already does everything that it can do to
help us here.

-- 
  .''`.  ** Debian GNU/Linux ** | Andrew Suffield
 : :' :  http://www.debian.org/ |
 `. `'                          |
   `-             -><-          |

Attachment: signature.asc
Description: Digital signature
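
Added example, not part of the message above and not code from tla or gpg: a sketch of the scan the message describes, flagging checksum-like lines that a guessing reader would accept but that lie outside the signed data. It assumes the check script emits the signed data to stdout (passed in here as `signed_text`); the entry format, file names and sample data are constructed for illustration.

```python
import re

# Assumed entry shape "<hash-type> <file> <hex digest>"; illustrative only,
# not tla's actual checksum file format.
ENTRY = re.compile(r"^(md5|sha1) (\S+) ([0-9a-f]+)$")

def entries(text):
    """Return every (hash, file, digest) line found in text, in order."""
    return [m.groups() for m in map(ENTRY.match, text.splitlines()) if m]

def unsigned_matches(raw_file, signed_text):
    """Entries a guessing reader would take from the raw file that the
    signature does not cover."""
    covered = set(entries(signed_text))
    return [e for e in entries(raw_file) if e not in covered]

def load_checksums(raw_file, signed_text):
    """Use only the signed text; refuse files with stray matching lines."""
    stray = unsigned_matches(raw_file, signed_text)
    if stray:
        raise ValueError("checksum lines outside the signed data: %r" % stray)
    return entries(signed_text)

# Constructed sample: what a successful check is assumed to report as signed.
SIGNED_TEXT = (
    "md5 foo.tar.gz d41d8cd98f00b204e9800998ecf8427e\n"
    "sha1 foo.tar.gz da39a3ee5e6b4b0d3255bfef95601890afd80709\n"
)
# Constructed checksum file: the same text clearsigned, with one matching
# line before the signed region and one after it. Signature is a placeholder.
RAW_FILE = (
    "md5 extra.tar.gz 00000000000000000000000000000000\n"
    "-----BEGIN PGP SIGNED MESSAGE-----\n"
    "Hash: SHA1\n\n"
    + SIGNED_TEXT +
    "-----BEGIN PGP SIGNATURE-----\n\n"
    "PLACEHOLDER\n"
    "-----END PGP SIGNATURE-----\n"
    "md5 foo.tar.gz ffffffffffffffffffffffffffffffff\n"
)

if __name__ == "__main__":
    print(unsigned_matches(RAW_FILE, SIGNED_TEXT))
```
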

